RE: suspicious little link...

  • From: "Katherine moss" <plymouthroamer285@xxxxxxxxx>
  • To: <programmingblind@xxxxxxxxxxxxx>
  • Date: Sat, 4 Sep 2010 23:43:34 -0400

From now on, when you want to hide/unhide file extensions, do not use the
registry.  Use the folder options dialogue and then click the corresponding
option.  

-----Original Message-----
From: programmingblind-bounce@xxxxxxxxxxxxx
[mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of Tyler
Littlefield
Sent: Saturday, September 04, 2010 11:11 PM
To: programmingblind@xxxxxxxxxxxxx
Subject: Re: suspicious little link...

They can, but... see my later post.
On 9/4/2010 8:48 PM, qubit wrote:
> I indeed did install WinSCP, and it is only on my computer, I hope. We don't
> have a tight network in this house -- just a simple lan with a little file
> sharing. Could a trojan travel from one computer to another without me doing
> anything?
> --le
> 
> ----- Original Message ----- 
> From: "Tyler Littlefield" <tyler@xxxxxxxxxxxxx>
> To: <programmingblind@xxxxxxxxxxxxx>
> Sent: Saturday, September 04, 2010 9:11 PM
> Subject: Re: suspicious little link...
> 
> 
> Like totally, dude. Like OMG!
> 
> That aside, I don't see WinSCP loading you up with trojans. And silly
> enough to overlook what?
> 
> I did a quick scan through the docs and didn't see that arg you asked
> about, but I'm not quite sure what it would upload. It seems the upload
> target would have to be in the command line. But that link would still
> have to be fired off for it to upload anything. Unless this is some
> elaborate trojan full of holes, but you really can't expect WinSCP to be
> installed on a computer. How many end-users have it?
> 
> 
> On 9/4/2010 8:02 PM, Katherine moss wrote:
>> I think it's a Trojan, dude.  Scan your computer with
>> www.eset.com/onlinescan.  That should tell you unless they were silly enough
>> to overlook it.  And also, check the directories that WinSCP puts on your
>> system.  You could have just been unaware of it.
> 
>> -----Original Message-----
>> From: programmingblind-bounce@xxxxxxxxxxxxx
>> [mailto:programmingblind-bounce@xxxxxxxxxxxxx] On Behalf Of qubit
>> Sent: Friday, September 03, 2010 11:45 PM
>> To: bprogramming
>> Subject: suspicious little link...
> 
>> Hi all --
>> Could someone tell me if this is part of an attack and if so, how do I rid
>> my computer of it?
>> I was cleaning off my desktop of old files and discovered a file with the
>> name of " .lnk" (note that .lnk indicates it is a shortcut. I have fiddled
>> with the registry to unhide all extensions in Windows Explorer.)
>> Note that the above shortcut has the base name of a single space.  I looked
>> at the properties to see what this thing was pointing to, and found the
>> following.
>> target: c:\program files\WinSCP\WinSCP.exe /UploadIfAny
> 
>> I did in fact install WinSCP some time ago, but I was not aware of a little
>> shortcut named space uploading who-knows-what.
>> I don't know the target server of the upload or the directory on my machine
>> that it would look at.
> 
>> I wouldn't be surprised if there was a trojan on this laptop as I have
>> indiscriminately installed a number of programs, but given the suspicious
>> appearance of this shortcut I fear there are data files being compromised.
>> My machine is running XP Pro, but I don't have server software running on
>> it.
>> So does anyone recognize this file? Could it be legitimate? Where would I
>> look for related files?
> 
>> I suppose the admin logs would shed light on any uploads.
>> Thanks.
>> --le
> 
>> __________
>> View the list's information and change your settings at
>> //www.freelists.org/list/programmingblind
> 
> 
> 
>> __________ Information from ESET NOD32 Antivirus, version of virus signature
>> database 5423 (20100904) __________
> 
>> The message was checked by ESET NOD32 Antivirus.
> 
>> http://www.eset.com
> 
> 
-- 
Thanks,
Tyler Littlefield
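
A way to see what a shortcut like the " .lnk" file described in this thread would run, without opening it: the Python below (an added example, not part of the original thread) reads the string fields of a .lnk file using the published MS-SHLLINK layout and notes a whitespace-only name or command-line arguments. The function names and sample bytes are constructed for illustration; the target path held in the link's ID list and LinkInfo blocks is skipped rather than decoded.

```python
import struct

# LinkFlags bits from the .lnk header, per the MS-SHLLINK specification.
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

def parse_lnk_strings(data):
    """Return the StringData fields of a shortcut without launching it."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed header size
    try:
        if flags & HAS_ID_LIST:                # 2-byte size, then the ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINK_INFO:              # 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # Assumption: cp1252 for non-Unicode links (real files use the system code page).
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, name in STRING_FIELDS:        # fields appear in this fixed order
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]   # length in characters
                end = pos + 2 + count * width
                if end > len(data):
                    raise ValueError("truncated string data")
                fields[name] = data[pos + 2:end].decode(codec, "replace")
                pos = end
    except struct.error:
        raise ValueError("truncated shell link file")
    return fields

def review_notes(filename, data):
    """List the two traits described in the thread, if this shortcut has them."""
    fields = parse_lnk_strings(data)
    notes = []
    if filename.rsplit(".", 1)[0].strip() == "":
        notes.append("whitespace-only name")
    if fields.get("arguments", "").strip():
        notes.append("arguments: " + fields["arguments"])
    return notes

def build_sample_lnk(working_dir, arguments):
    """Constructed minimal link for the demo: bare header plus two Unicode strings."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x10 | 0x20 | IS_UNICODE) + bytes(52)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                             for s in (working_dir, arguments))
```

Arguments on a shortcut are common in legitimate use, so a note from `review_notes` is a prompt to look closer, not a verdict.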